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IN THE CLAIMS : 

Please amend claims 1-7 as indicated below, and add claims 8- 

12 as follows: 

1. (Currently amended) A method of permitting secure access 
between a service external to a network firewall and a client 
internal to the firewall, comprising the steps of: 

[[-]] (a) effecting an HTTP GET operation or equivalent thereof 
from the client to establish a communications socket at the client 
for communicating data [[from]] between the service [[to]] and the 
client; 

[[-]] (b) after a prodctcrmincd interval cffocting another GET 
operation — — oquivalont — thereof — — clooo closing the existing 
communications socketT — irroopoctivQ of whether acccoo and opening 
a new communications socket at the client for communicating data 
between the service and the client is — required — fee — continue by 
performing another GET operation or equivalent thereof after a 
predetermined time interval ; and 

[[-]] (c) repeating otcpo fa-) — aft4 step (b) while access 

between the service and the client is required to continue without 
repeating step (a) . 

2. {Currently amended) The method of claim 1, wherein the 
predetermined time interval is looo — than — another set with 
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reference to a specific time interval after which client Gnforcco 
software on the client side of the firewall enforces termination 
of a client communications socket established by [[a]] said GET 
operation or equivalent thereof , said predetermined time interval 
being set to be less than said specific time interval . 

3. (Currently amended) The method of claim 1 ^ — claim 2 , 
wherein information is transferred from the client to the service 
by an HTTP POST operation or equivalent thereof. 

4. {Currently amended) The method of efty — e^e — — fette 
proGcding claimo claim 1 , wherein successive messages transferred 
between the client and the service are identified by a globally- 
unique identification created by the client and communicated to 
the service. 

5. (Currently amended) The method of claim 4, wherein the 
globally unique globally unique identification is communicated via 
an HTTP GET or POST operation or equivalent thereof. 

6. {Currently amended) The method of claim 5, wherein the 
globally unique globally unique identification is communicated in 
a URI relative path component. 

7. {Currently amended) The method of efty — efte — e# — fei^ 
preceding olaimo claim 2 , wherein said software pro vides a proxy 
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service for communications with the client travcroo — a — prony 
ocrvicQ loGQtQd on the client oido of the fircv/all . 

8. (New) Apparatus for permitting secure access through a 
network firewall with a service, said apparatus comprising: 

a communications interface for interfacing the apparatus with 
said network, the communications interface being arranged to open 
and close communications sockets; 

a first control arrangement for using the communications 
interface to effect a first HTTP GET operation or equivalent 
thereof in respect of said service thereby to cause the latter to 
establish a communications socket for communicating data between 
the service and the client; 

a second control arrangement for using the communications 
interface to effect another GET operation or equivalent thereof in 
respect of said service a predetermined time interval after a most 
recent GET operation effected by the apparatus in respect of said 
service, thereby to close the existing said communications socket 
and to open a new communications socket for communicating data 
between said service and the client; and 

a third control arrangement for causing the second control 
arrangement to terminate its operation when access between the 
service and the client is no longer required. 
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9. (New) The apparatus of claim 8, further comprising an 
identification generation arrangement for generating a globally- 
unique identification identifying the service-client 
communications connection established through the succession of 
sockets created by the communications interface for data between 
said service and client, the first and second control arrangements 
and the communications interface together being arranged to send 
this globally-unique identification to the server in effecting 
each GET operation or equivalent thereof. 

10. [New) A system comprising the apparatus of claim 8 and a 
proxy server through which communications between the apparatus 
and said service are arranged to pass, the proxy server being 
arranged to cause the communication socket on the apparatus to be 
closed after a specific time interval, said predetermined time 
interval being less than said specific time interval. 

11. (New) A computer-readable medium storing a computer 
program arranged to condition a program-controlled networked 
computer, when executed by the latter, to access a service beyond 
a network firewall by steps of: 

(a) effecting an HTTP GET operation or equivalent thereof 
from the client to establish a communications socket at the client 
for communicating data between said service and the client; 
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(b) after a predetermined time interval effecting another GET 
operation or equivalent thereof to close the existing 
communications socket and open a new communications socket at the 
client for communicating data between the same said service and 

the client; and 

,c) repeating step (b) while access between the service and 
the client is required to continue without repeating step (a) • 

12. iNew) The method of claim 2, wherein information is 
transferred from the client to the service by an HTTP POST 
operation or equivalent thereof. 



